harness-wizard

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 8 Application Specification explicitly allows "URL to specification (will be fetched)" (and Phase 4 even recommends enabling "Brave Search" for web research), so the agent is expected to fetch and read arbitrary public URLs and web content which can directly influence task generation and subsequent agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly states it will fetch a user-provided "URL to specification (will be fetched)" and inject that specification into the initializer prompt templates (e.g., .harness/prompts/initializer.md), so arbitrary external URL content can be fetched at runtime and directly control agent prompts.